Auth bypass in Drupal Commerce Realex / Global Payments
CVE-2026-13238
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2.
Vulnerability class: Broken Access Control
Affected products
- Drupal Commerce Realex / Global Payments — versions 0.0.0